Hey Community,

I want to choose LSC for an internal project to grep all our AD users and hold them in sync with the project's OpenLDAP server.
Now we have run into a problem on which I have been stuck for a few days.

I can successfully sync our AD users into the OpenLDAP. But when the sync job is restarted, LSC tries to create them again in the LDAP server. Normally this does not seem to be a problem, since the DN already exists in LDAP and the creation fails.

But in our scenario, we have to create POSIX users from the sAMAccountName with a unique uidNumber. For this I used the tutorial on the LSC project page (http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions/sequences) to have a counter available.

My problem is that on every run in which the users should be synced, the counter for the uidNumber is increased by 1 for every user, whether he must be created or not.

Has anyone solved that problem in the past?

I run LSC 2.0.2 in synchronous mode if.

Here is the relevant XML task snippet.

>>

<tasks>
    <!-- BEGIN: TASK: Sync AD User -->
    <task>
        <name>CreateAdUser</name>
        <bean>org.lsc.beans.SimpleBean</bean>

        <ldapSourceService>
            <name>ad-src-service</name>
            <connection reference="AD" />
            <baseDn>dc=company,dc=group</baseDn>

            <pivotAttributes>
                <string>sAMAccountName</string>
            </pivotAttributes>

            <fetchedAttributes>
                <string>sAMAccountName</string>
                <string>cn</string>
                <string>givenName</string>
                <string>sn</string>
            </fetchedAttributes>

            <getAllFilter>(&amp;(objectClass=User)(objectCategory=Person)(|(sAMAccountName=b*)(sAMAccountName=e*))(!(sAMAccountName=company*)))</getAllFilter>
            <getOneFilter>(&amp;(objectClass=User)(objectCategory=Person)(sAMAccountName={sAMAccountName}))</getOneFilter>
        </ldapSourceService>

        <ldapDestinationService>
            <name>openldap-dst-service</name>
            <connection reference="OpenLDAP" />
            <baseDn>dc=lnxcim,dc=company,dc=group</baseDn>

            <pivotAttributes>
                <string>uid</string>
            </pivotAttributes>

            <fetchedAttributes>
                <string>dn</string>
                <string>sn</string>
                <string>cn</string>
                <string>uid</string>
                <string>givenName</string>
                <string>ObjectClass</string>
                <string>uidNumber</string>
                <string>gidNumber</string>
                <string>homeDirectory</string>
                <string>userPassword</string>
            </fetchedAttributes>

            <getAllFilter>(&amp;(uid=*)(objectClass=inetOrgPerson))</getAllFilter>
            <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
        </ldapDestinationService>

        <propertiesBasedSyncOptions>

            <!-- choose UID as DN in OpenLDAP -->
            <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=users,dc=lnxcim,dc=company,dc=group"</mainIdentifier>

            <defaultDelimiter>;</defaultDelimiter>
            <defaultPolicy>FORCE</defaultPolicy>

            <!-- ObjectClass -->
            <dataset>
                <name>objectClass</name>
                <policy>FORCE</policy>
                <forceValues>
                    <string>"top"</string>
                    <string>"person"</string>
                    <string>"organizationalPerson"</string>
                    <string>"inetOrgPerson"</string>
                    <string>"posixAccount"</string>
                </forceValues>
            </dataset>

            <!-- sAMAccountName == UID -->
            <dataset>
                <name>uid</name>
                <policy>FORCE</policy>
                <createValues>
                    <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
                </createValues>
            </dataset>

            <!-- count up the uidNumber for every user created, for this we have a cn with serialNumber attribute for count up in the LDAP -->
            <dataset>
                <name>uidNumber</name>
                <policy>KEEP</policy>
                <createValues>
                    <string>SequencesFactory.getInstance(ldap.getJndiServices()).getNextValue("cn=uidNumberSequenceUnix,ou=LSC,ou=services,dc=lnxcim,dc=company,dc=group","serialNumber")</string>
                </createValues>
            </dataset>

            <!-- set users home -->
            <dataset>
                <name>homeDirectory</name>
                <policy>FORCE</policy>
                <createValues>
                    <string>"/home/" + srcBean.getDatasetFirstValueById("sAMAccountName")</string>
                </createValues>
            </dataset>

            <dataset>
                <name>givenName</name>
                <policy>FORCE</policy>
                <createValues>
                    <string>srcBean.getDatasetFirstValueById("givenName")</string>
                </createValues>
            </dataset>

            <dataset>
                <name>sn</name>
                <policy>FORCE</policy>
                <createValues>
                    <string>srcBean.getDatasetFirstValueById("sn")</string>
                </createValues>
            </dataset>

            <dataset>
                <name>cn</name>
                <policy>FORCE</policy>
                <createValues>
                    <string>srcBean.getDatasetFirstValueById("cn")</string>
                </createValues>
            </dataset>

            <!-- create userPassword as SASL auth -->
            <dataset>
                <name>userPassword</name>
                <policy>FORCE</policy>
                <createValues>
                    <string>"{SASL}" + srcBean.getDatasetFirstValueById("sAMAccountName") + "@company.group"</string>
                </createValues>
            </dataset>
        </propertiesBasedSyncOptions>
    </task>
    <!-- END: Task: Sync AD User -->
</tasks>

<<



Thanks for your hints and replies!
Sebastian




_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
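
A check that can be run over an LDIF export of the OpenLDAP tree to see how far the sequence counter has moved past the uidNumber values actually assigned, and whether any uidNumber is shared by two accounts. This is an added example, not part of the original post or of LSC; the sequence DN and the serialNumber attribute are taken from the configuration above, while the sample LDIF and the function names are constructed, and only plain (non-base64) values are read.

```python
from collections import defaultdict

SEQ_DN = "cn=uidNumberSequenceUnix,ou=LSC,ou=services,dc=lnxcim,dc=company,dc=group"
# Constructed sample export (not real data): the sequence entry and three users.
SAMPLE_LDIF = f"""\
dn: {SEQ_DN}
serialNumber: 10009

dn: uid=bob,ou=users,dc=lnxcim,dc=company,dc=group
objectClass: posixAccount
uidNumber: 10001

dn: uid=eve,ou=users,dc=lnxcim,dc=company,dc=group
objectClass: posixAccount
uidNumber: 10002

dn: uid=ben,ou=users,dc=lnxcim,dc=company,dc=group
objectClass: posixAccount
uidNumber: 10002
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} entries."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold lines
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#") or value.startswith((":", "<")):
                continue  # skip comments, base64 ("::") and URL (":<") values
            entry[attr.strip().lower()].append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_uid_numbers(text, seq_dn, seq_attr="serialNumber"):
    """Compare the sequence counter with the uidNumbers actually in use."""
    owners, counter = defaultdict(list), None
    for e in parse_ldif(text):
        dn = (e["dn"] or [""])[0]
        if dn.lower() == seq_dn.lower():
            counter = int(e[seq_attr.lower()][0])
        elif "posixaccount" in map(str.lower, e["objectclass"]) and e["uidnumber"]:
            owners[int(e["uidnumber"][0])].append(dn)
    highest = max(owners, default=None)
    gap = counter - highest if counter is not None and highest is not None else None
    dupes = {n: dns for n, dns in owners.items() if len(dns) > 1}
    return {"counter": counter, "highest_used": highest, "unused_gap": gap, "duplicates": dupes}
```

Comparing `unused_gap` from exports taken before and after a sync run with no new users shows how many counter values that run consumed; a non-empty `duplicates` means two accounts share one numeric UID on every host that resolves users from this directory.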
